#supply-chain-attacks

Information security
from The Hacker News
3 days ago

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Cursor's default-disabled Workspace Trust allows VS Code-style autorun tasks to execute on folder open, enabling arbitrary code execution and potential credential theft.
from The Register
1 week ago

Stolen OAuth tokens expose Palo Alto customer data

Marc Benoit, chief information security officer at PAN, confirmed in a note to clients - seen by The Register - that it was informed on August 25 that the "compromise of a third-party application, Salesloft's Drift, resulted in the access and exfiltration of data stored in our Salesforce environment." It immediately disconnected the third-party application from its Salesforce CRM, he said.
Information security
from The Hacker News
3 weeks ago

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts.
Python
#cybersecurity
Information security
from IT Pro
3 months ago

Application security risk: How leaders can protect their businesses

Application security is increasingly challenging due to software complexity and pressure for rapid feature rollout.